JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.65.172.46

159.65.172.46 was found in our database!

This IP was reported 194 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Hostname(s)	crm.rickshawdelivery.com
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.65.172.46

Whois 159.65.172.46

IP Abuse Reports for 159.65.172.46:

This IP address has been reported a total of 194 times from 70 distinct sources. 159.65.172.46 was first reported on September 23rd 2025, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 BlueWire Hosting	2026-06-16 13:13:40 (10 hours ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 ArturShelby	2026-06-16 02:27:30 (20 hours ago)	Critical file access: /.env	Web App Attack
🇵🇱 sefinek.net	2026-06-16 00:21:35 (22 hours ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoi ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoint: /.env \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 big-cloud.nl	2026-06-15 23:46:05 (23 hours ago)	Try to access /.env	Web App Attack
🇧🇷 Halux	2026-06-15 12:01:51 (1 day ago)	159.65.172.46 Probing protected path or service	Web App Attack
🇩🇪 iNetWorker	2026-06-15 11:39:49 (1 day ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:27:58 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 159.65.172.46 (crm.rickshawdelivery.com): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 159.65.172.46 (crm.rickshawdelivery.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:27:53.533563 2026] [security2:error] [pid 26385:tid 26393] [client 159.65.172.46:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mindgardens.com"] [uri "/.env"] [unique_id "ai_huXhwIwYbD9Gd_cLNEQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 todix	2026-06-15 11:00:29 (1 day ago)	Web App Attack Exploid from 159.65.172.46	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 09:21:37 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 159.65.172.46 (crm.rickshawdelivery.com): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 159.65.172.46 (crm.rickshawdelivery.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 05:21:32.054892 2026] [security2:error] [pid 9581:tid 9581] [client 159.65.172.46:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kcdusa.com"] [uri "/.env"] [unique_id "ai_EHHe4jRzrRlbtaUJAdQAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 strxmpp	2026-06-15 07:49:05 (1 day ago)	159.65.172.46 - - [15/Jun/2026:09:49:05 +0200] "GET /.env HTTP/1.1" 404 4538 "-" "Mozilla/5.0 (Windo ... show more 159.65.172.46 - - [15/Jun/2026:09:49:05 +0200] "GET /.env HTTP/1.1" 404 4538 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 06:26:17 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 159.65.172.46 (crm.rickshawdelivery.com): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 159.65.172.46 (crm.rickshawdelivery.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:26:12.267960 2026] [security2:error] [pid 29403:tid 29403] [client 159.65.172.46:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.pixacast.com"] [uri "/.env"] [unique_id "ai-bBMYsfTOj_KejN573BQAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-14 21:36:09 (2 days ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 Vano Ganzzz	2026-06-14 09:56:56 (2 days ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 14061 (DigitalOcean, LLC ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 14061 (DigitalOcean, LLC) Protocol: HTTP/1.1 (GET method) Endpoint: /.env Timestamp: 2026-06-14T09:56:56Z Ray ID: a0b877cd79cb8c69 UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 show less	Bad Web Bot
Anonymous	2026-06-14 01:41:48 (2 days ago)	Unauthorized access (tcp/443/https)	Port Scan Web App Attack
🇺🇸 xxkodedxx	2026-06-13 13:17:29 (3 days ago)	[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost) Trigger: 1× edge-block in 10 ... show more [Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost) Trigger: 1× edge-block in 10m window. Origin: US / AS14061 DigitalOcean, LLC Active: 13:16:28 UTC Volume: 1 HTTP req Probed: /.env Status mix: 444×1 UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 194 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.97.142.249

🇪🇹 196.190.41.137

🇲🇽 189.203.193.254

🇧🇷 187.87.244.112

🇮🇳 117.211.208.14

🇸🇬 101.32.242.137

🇨🇿 93.99.20.35

🇫🇷 92.103.134.183

🇸🇳 41.82.50.218

🇺🇸 3.129.13.84

🇧🇴 190.52.55.158

🇺🇸 138.94.216.149

🇨🇳 123.144.21.22

🇨🇳 120.82.82.217

🇬🇷 83.235.16.111

🇺🇸 44.250.249.0

🇨🇳 43.139.175.144

🇻🇳 38.60.229.196

🇬🇧 35.203.211.109

🇰🇿 31.132.90.3